Jason Miller, Executive Editor, Federal News Radio

The General Services Administration's schedules program has been victimized by
spear phishing attacks, costing vendors more than $1.5 million. And law
enforcement officials say the fraud is increasing.

GSA alerted Schedule 70 and 75 vendors Wednesday that since July 2012 the FBI, the
Environmental Protection Agency and GSA inspectors general have been investigating
a series of fraudulent orders placed online with GSA vendors by criminals posing
as federal contracting officials, according to the email, which Federal News
Radio obtained.

Law enforcement officials now say scammers are targeting orders for laptop
computers, though it's unclear if these two cases are related. But GSA said "there
are some significant similarities and we're following up on investigative leads to
make further determinations."

"Over the past few months there have been orders for laptop computers (Schedule
70) wherein perpetrators have set up/attempted to set up accounts directly with
vendors to procure laptop computers," GSA wrote in an email. "They are spoofing
actual Department of Defense domains, and in some cases, using actual DoD members'
information."

GSA's notice to vendors said law enforcement officials have made one arrest so far
and are still investigating other fraudulent orders.

Steps to stop the scam

GSA said scammers so far have targeted employees of the EPA, Interior Department's
Fish and Wildlife Service, the Commerce Department's Census Bureau and the
Department of Health and Human Services' National Institutes of Health. The email
stated the list of affected government agencies grows each day.

"By calling the GSA Global Supply or vendors directly, perpetrators are placing
orders for toner cartridges and laptop computers ranging from a few hundred to
$20,000 using stolen credit card numbers," the email notice stated. "In at least
one instance, the vendor was able to track the perpetrator in real time attempting
to enter a list of stolen credit card numbers until he found one that cleared for
processing. Investigators have traced the fraudulent activity going as far back as
December 2011. It is growing every day."

In the email notice to vendors, GSA requests vendors take several steps to help
catch the scammers and protect themselves.

"Although it is extra work, investigators are requesting that any representatives
receiving orders for HP printer toner cartridges or laptop computers verify the
provided shipping address using the 'street view' function on Google Maps," the
email stated. "If it is a very large order going to what appears to be a
residential address, it is likely fraudulent."

Law enforcement officials also are asking vendors to preserve IP addresses
used by the bad actors and, if possible, to make audio recordings of customer
telephone calls in connection with these fraudulent orders, keeping in mind
that some states require both parties to know the call is being recorded.

"Investigators have learned the perpetrators recruited a nationwide network of
'repackagers' — people who are unwitting, and have applied for 'work-from-home'
positions receiving this merchandise and remailing it to destinations currently
unknown," the email notice stated. "Once the order is placed, the perpetrator
'spoofs' a disconnected telephone number to call the GSA vendor and ask for
shipping and tracking information. Witnesses say that the caller has a foreign
accent. The perpetrator may also attempt to contact the representatives through
online chats or direct phone calls."

Spear phishing fraud is new to schedule holders

Larry Allen, a long-time expert and observer of the GSA schedules and president of
Allen Federal Business Partners, said this is the first time in nearly 25 years
fraud like this has happened.

"Contractors clearly need to be on-guard to ensure that they are selling only to
authorized schedule users," he said. "Selling at deep discounts to commercial
companies can get companies in compliance trouble in some circumstances.
Ironically, it appears that some people think that schedule prices are very
competitive and desirable. I wonder why GSA leadership doesn't think this."

Scott Orbach, president of EZGSA, said vendors should
apply the "know-your-customer" rule to schedule purchases.

"It requires a firm to use reasonable diligence in regard to opening and
maintaining every account," he wrote in an email. "This includes knowing and
retaining the essential facts about a customer and the authority of the persons
acting on behalf of that customer."

Rick Vogel, a federal government sales manager for Coast-to-Coast Computer
Products in Simi Valley, Calif., said his company has protections against
fraudsters.